Use htmlspecialchars on HTML inputs to format
This commit is contained in:
parent
cfcae5fb2b
commit
942de26411
|
@ -52,12 +52,12 @@ final class MDMailFormat {
|
||||||
|
|
||||||
$input = trim($input);
|
$input = trim($input);
|
||||||
|
|
||||||
$this->_msg_html .= "<h1 style='" . self::CSS_H1 . "'>";
|
$this->_msg_html .= "<h1 style='" . htmlspecialchars(self::CSS_H1) . "'>";
|
||||||
if ($this->use_logo === true) {
|
if ($this->use_logo === true) {
|
||||||
$this->_msg_html .= "<img style='" . self::CSS_LOGO . "' src=\"cid:mdlogo\" alt='' />";
|
$this->_msg_html .= "<img style='" . htmlspecialchars(self::CSS_LOGO) . "' src=\"cid:mdlogo\" alt='' />";
|
||||||
}
|
}
|
||||||
$this->_msg_html .= "<span style='" . self::CSS_H1_SPAN . "'>" . nl2br($input) . "</span></h1>";
|
$this->_msg_html .= "<span style='" . htmlspecialchars(self::CSS_H1_SPAN) . "'>" . nl2br(htmlspecialchars($input)) . "</span></h1>";
|
||||||
$this->_msg_plain .= "{$input}
|
$this->_msg_plain .= $input . "
|
||||||
===================
|
===================
|
||||||
";
|
";
|
||||||
|
|
||||||
|
@ -74,8 +74,8 @@ final class MDMailFormat {
|
||||||
|
|
||||||
$input = trim($input);
|
$input = trim($input);
|
||||||
|
|
||||||
$this->_msg_html .= "<h2 style='" . self::CSS_H2 . "'>" . nl2br($input) . "</h2>";
|
$this->_msg_html .= "<h2 style='" . htmlspecialchars(self::CSS_H2) . "'>" . nl2br(htmlspecialchars($input)) . "</h2>";
|
||||||
$this->_msg_plain .= "{$input}
|
$this->_msg_plain .= $input . "
|
||||||
-------------------
|
-------------------
|
||||||
";
|
";
|
||||||
|
|
||||||
|
@ -92,10 +92,8 @@ final class MDMailFormat {
|
||||||
|
|
||||||
$input = trim($input);
|
$input = trim($input);
|
||||||
|
|
||||||
$this->_msg_html .= "<p style='" . self::CSS_P . "'>" . nl2br($input) . "</p>";
|
$this->_msg_html .= "<p style='" . htmlspecialchars(self::CSS_P) . "'>" . nl2br(htmlspecialchars($input)) . "</p>";
|
||||||
$this->_msg_plain .= "
|
$this->_msg_plain .= PHP_EOL . $input . PHP_EOL;
|
||||||
{$input}
|
|
||||||
";
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -111,10 +109,8 @@ final class MDMailFormat {
|
||||||
|
|
||||||
$input = trim($input);
|
$input = trim($input);
|
||||||
|
|
||||||
$this->_msg_html .= "<a style='" . self::CSS_A_BUTTONLIKE . "' class='buttonLike' href='" . $href . "'>" . nl2br($input) . "</a>";
|
$this->_msg_html .= "<a style='" . htmlspecialchars(self::CSS_A_BUTTONLIKE) . "' class='buttonLike' href='" . htmlspecialchars($href) . "'>" . nl2br(htmlspecialchars($input)) . "</a>";
|
||||||
$this->_msg_plain .= "
|
$this->_msg_plain .= PHP_EOL . $input . ": " . $href . PHP_EOL;
|
||||||
{$input}: {$href}
|
|
||||||
";
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -130,8 +126,8 @@ final class MDMailFormat {
|
||||||
|
|
||||||
$input = trim($input);
|
$input = trim($input);
|
||||||
|
|
||||||
$this->_msg_html .= "<a style='" . self::CSS_A_NORMAL . "' href='" . $href . "'>" . nl2br($input) . "</a>";
|
$this->_msg_html .= "<a style='" . htmlspecialchars(self::CSS_A_NORMAL) . "' href='" . htmlspecialchars($href) . "'>" . nl2br(htmlspecialchars($input)) . "</a>";
|
||||||
$this->_msg_plain .= "{$input}: {$href}";
|
$this->_msg_plain .= $input . ": " . $href;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -141,7 +137,7 @@ final class MDMailFormat {
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function startUl():void {
|
public function startUl():void {
|
||||||
$this->_msg_html .= "<ul style='" . self::CSS_UL . "'>";
|
$this->_msg_html .= "<ul style='" . htmlspecialchars(self::CSS_UL) . "'>";
|
||||||
$this->_msg_plain .= PHP_EOL;
|
$this->_msg_plain .= PHP_EOL;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -163,7 +159,7 @@ final class MDMailFormat {
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function startOl():void {
|
public function startOl():void {
|
||||||
$this->_msg_html .= "<ol style='" . self::CSS_OL . "'>";
|
$this->_msg_html .= "<ol style='" . htmlspecialchars(self::CSS_OL) . "'>";
|
||||||
$this->_msg_plain .= PHP_EOL;
|
$this->_msg_plain .= PHP_EOL;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -190,7 +186,7 @@ final class MDMailFormat {
|
||||||
|
|
||||||
$input = trim($input);
|
$input = trim($input);
|
||||||
|
|
||||||
$this->_msg_html .= "<li>{$input}</li>";
|
$this->_msg_html .= "<li>" . htmlspecialchars($input) . "</li>";
|
||||||
$this->_msg_plain .= PHP_EOL . "- {$input}";
|
$this->_msg_plain .= PHP_EOL . "- {$input}";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -235,7 +231,7 @@ final class MDMailFormat {
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
public function appendHr():void {
|
public function appendHr():void {
|
||||||
$this->_msg_html .= "<hr style='" . self::CSS_HR . "' />";
|
$this->_msg_html .= "<hr style='" . htmlspecialchars(self::CSS_HR) . "' />";
|
||||||
$this->_msg_plain .= PHP_EOL . "----------" . PHP_EOL;
|
$this->_msg_plain .= PHP_EOL . "----------" . PHP_EOL;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -249,7 +245,7 @@ final class MDMailFormat {
|
||||||
*/
|
*/
|
||||||
public function appendInlineText(string $input):void {
|
public function appendInlineText(string $input):void {
|
||||||
$input = trim($input);
|
$input = trim($input);
|
||||||
$this->_msg_html .= $input . " ";
|
$this->_msg_html .= htmlspecialchars($input) . " ";
|
||||||
$this->_msg_plain .= $input . " ";
|
$this->_msg_plain .= $input . " ";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -272,17 +268,17 @@ final class MDMailFormat {
|
||||||
<meta http-equiv=”X-UA-Compatible” content=”IE=edge” />
|
<meta http-equiv=”X-UA-Compatible” content=”IE=edge” />
|
||||||
<meta name=”viewport” content=”width=device-width, initial-scale=1.0 ” />
|
<meta name=”viewport” content=”width=device-width, initial-scale=1.0 ” />
|
||||||
<style>
|
<style>
|
||||||
a.buttonLike { ' . self::CSS_A_BUTTONLIKE . ' }
|
a.buttonLike { ' . htmlspecialchars(self::CSS_A_BUTTONLIKE) . ' }
|
||||||
a.buttonLike:hover { ' . self::CSS_A_BUTTONLIKE_HOVER . ' }
|
a.buttonLike:hover { ' . htmlspecialchars(self::CSS_A_BUTTONLIKE_HOVER) . ' }
|
||||||
p { ' . self::CSS_P . ' }
|
p { ' . htmlspecialchars(self::CSS_P) . ' }
|
||||||
ul { ' . self::CSS_UL . ' }
|
ul { ' . htmlspecialchars(self::CSS_UL) . ' }
|
||||||
ol { ' . self::CSS_OL . ' }
|
ol { ' . htmlspecialchars(self::CSS_OL) . ' }
|
||||||
hr { ' . self::CSS_HR . ' }
|
hr { ' . htmlspecialchars(self::CSS_HR) . ' }
|
||||||
#footer { ' . self::CSS_FOOTER . ' }
|
#footer { ' . htmlspecialchars(self::CSS_FOOTER) . ' }
|
||||||
#footer a { ' . self::CSS_A_FOOTER . ' }
|
#footer a { ' . htmlspecialchars(self::CSS_A_FOOTER) . ' }
|
||||||
#footer a:hover { ' . self::CSS_A_FOOTER_HOVER . ' }
|
#footer a:hover { ' . htmlspecialchars(self::CSS_A_FOOTER_HOVER) . ' }
|
||||||
h1 img { ' . self::CSS_LOGO . ' }
|
h1 img { ' . htmlspecialchars(self::CSS_LOGO) . ' }
|
||||||
h1 span { ' . self::CSS_H1_SPAN . ' }
|
h1 span { ' . htmlspecialchars(self::CSS_H1_SPAN) . ' }
|
||||||
</style>
|
</style>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
@ -292,8 +288,8 @@ final class MDMailFormat {
|
||||||
|
|
||||||
$output .= trim($this->_msg_html);
|
$output .= trim($this->_msg_html);
|
||||||
$output .= '
|
$output .= '
|
||||||
<div id="footer" style="' . self::CSS_FOOTER . '">
|
<div id="footer" style="' . htmlspecialchars(self::CSS_FOOTER) . '">
|
||||||
<a style="' . self::CSS_A_FOOTER . '" href="' . MD_CONF_EMAIL::MAIL_TOOL_LINK . '">' . MD_CONF_EMAIL::MAIL_TOOL_NAME . '</a>
|
<a style="' . htmlspecialchars(self::CSS_A_FOOTER) . '" href="' . htmlspecialchars(MD_CONF_EMAIL::MAIL_TOOL_LINK) . '">' . htmlspecialchars(MD_CONF_EMAIL::MAIL_TOOL_NAME) . '</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
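Review bot: The new escaping wraps values in single-quoted attributes (`href='…'` and `style='…'` in the +109 and +126 hunks, and the `<h1>`/`<h2>`/`<p>` style attributes) but calls `htmlspecialchars()` with its default flags, which only escape `'` from PHP 8.1 onward; on an older runtime a single quote in `$input` or `$href` still closes the attribute, so pass the flags explicitly, e.g. a class-private `private static function esc(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }` used at every call site. In the +268 hunk the same call is applied inside a `<style>` element, where the HTML parser does not decode entities, so any quote or `>` in a CSS constant is emitted literally as `&#039;`/`&gt;` and the rule breaks; those constants are class-owned rather than input and should be inserted unencoded there, since HTML entity encoding is the wrong context for CSS text. Escaping `$href` also leaves the URL scheme unchecked; if callers can pass externally supplied links, validating the scheme (for example allowing only `http`, `https` and `mailto`) belongs alongside the escaping. All of these hunks begin inside method bodies whose signatures lie outside the diff.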